CVE-2011-2977 Information

Description

Bugzilla 3.6.x before 3.6.6 3.7.x 4.0.x before 4.0.2 and 4.1.x before 4.1.3 on Windows does not delete the temporary files associated with uploaded attachments which allows local users to obtain sensitive information by reading these files. NOTE: this issue exists because of a regression in 3.6.

Reference

http://secunia.com/advisories/45501 http://www.bugzilla.org/security/3.4.11/ http://www.osvdb.org/74302 http://www.securityfocus.com/bid/49042 https://bugzilla.mozilla.org/show_bug.cgi?id=660502 https://exchange.xforce.ibmcloud.com/vulnerabilities/69037